Solved Computer still freezing after 7 step process

lmoreno092

So last week my computer froze, and when I tried to restart it, Windows started and said it could not load. So I did a system recovery and everything is working just fine, but now I cannot load usaa.com. I can use any other website except this one. This is my bank, so I figured that it might have a virus. That, and every time I go to usaa.com my computer freezes and I have to hold the power button to restart. Here are my malware files. GMER did not work for me, it just has a blank file, and the DDS.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7373

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/4/2011 4:53:21 PM
mbam-log-2011-08-04 (16-53-21).txt

Scan type: Quick scan
Objects scanned: 169290
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by 123 at 17:14:01 on 2011-08-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2524 [GMT -7:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 168.192.1.1 168.95.1.1
TCP: Interfaces\{8CD757CC-7057-4116-868C-33E914BAD8BC} : DhcpNameServer = 168.192.1.1 168.95.1.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-7-18 146816]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/08/03 20:00:12];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2011-8-3 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2011-8-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-4 366640]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-14 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-08-04 23:26:39 -------- d-----r- C:\Program Files (x86)\Skype
2011-08-04 23:16:24 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BC96B9A-EFFC-4E7E-B867-44750C4CFE31}\mpengine.dll
2011-08-04 18:24:45 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-08-04 18:24:44 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-08-04 18:22:56 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2011-08-04 13:17:15 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-08-04 13:17:15 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-08-04 13:04:42 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-08-04 13:04:42 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-08-04 12:49:18 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-08-04 12:49:18 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-08-04 12:49:18 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-08-04 12:49:18 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-08-04 12:49:18 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-08-04 12:49:18 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-08-04 12:49:18 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-08-04 12:49:18 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-08-04 12:49:18 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-08-04 12:49:18 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-08-04 12:40:40 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-08-04 12:40:40 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-08-04 12:37:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-04 12:36:55 2870272 ----a-w- C:\Windows\explorer.exe
2011-08-04 12:35:58 633856 ----a-w- C:\Windows\System32\comctl32.dll
2011-08-04 12:35:57 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2011-08-04 12:35:53 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-08-04 12:35:53 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-08-04 12:35:50 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-08-04 12:35:23 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-04 12:35:23 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-04 12:35:02 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2011-08-04 12:35:02 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2011-08-04 12:35:00 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-08-04 12:33:52 46592 ----a-w- C:\Windows\System32\msasn1.dll
2011-08-04 12:32:53 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-08-04 12:32:53 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-08-04 12:32:53 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-08-04 12:32:52 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-08-04 12:32:52 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-08-04 12:19:15 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-08-04 12:19:14 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-08-04 12:19:14 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-08-04 12:19:14 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-08-04 12:19:14 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-08-04 12:19:14 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-08-04 12:19:14 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-08-04 12:19:14 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-08-04 12:19:14 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-08-04 12:19:13 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-08-04 12:15:09 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-08-04 12:15:09 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-08-04 12:14:57 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-08-04 12:14:56 112000 ----a-w- C:\Windows\System32\consent.exe
2011-08-04 12:08:00 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-04 12:05:49 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F831F01-0853-43EA-8DB0-AF3663CD3FA1}\gapaengine.dll
2011-08-04 12:04:54 -------- d-----w- C:\Users\123\AppData\Local\Adobe
2011-08-04 12:03:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-04 12:03:35 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-08-04 12:03:24 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-08-04 10:12:21 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C0A4382-19D9-4E6B-997C-9F1AE4327651}\mpengine.dll
2011-08-04 10:12:18 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-08-04 09:04:57 -------- d-----w- C:\Users\123\AppData\Roaming\Malwarebytes
2011-08-04 09:04:23 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-04 09:04:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-04 09:04:19 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-04 09:04:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-04 09:03:23 -------- d-----w- C:\Users\123\AppData\Roaming\SUPERAntiSpyware.com
2011-08-04 09:03:05 -------- d-----w- C:\ProgramData\!SASCORE
2011-08-04 09:03:00 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-04 09:03:00 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-04 08:59:30 388096 ----a-r- C:\Users\123\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-04 08:59:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-04 05:26:21 -------- d-----w- C:\Users\123\AppData\Roaming\AVG10
2011-08-04 05:24:51 -------- d--h--w- C:\ProgramData\Common Files
2011-08-04 05:24:07 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-08-04 05:24:07 -------- d-----w- C:\ProgramData\AVG10
2011-08-04 05:23:30 -------- d-----w- C:\Program Files (x86)\AVG
2011-08-04 05:14:08 -------- d-----w- C:\ProgramData\MFAData
2011-08-04 04:06:30 -------- d-----w- C:\Users\123\AppData\Roaming\Panda Security
2011-08-04 04:05:46 -------- d-----w- C:\ProgramData\Panda Security
2011-08-04 04:05:46 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-08-04 04:05:26 -------- d-----w- C:\temp
2011-08-04 04:04:59 -------- d-----w- C:\Users\123\AppData\Roaming\HpUpdate
2011-08-04 03:56:46 -------- d-----w- C:\Users\123\AppData\Local\ATI
2011-08-04 03:56:12 -------- d-----w- C:\Users\123\AppData\Local\VirtualStore
2011-08-04 03:56:05 -------- d-----w- C:\Users\123\AppData\Local\Hewlett-Packard_Company
2011-08-04 03:56:01 -------- d-----w- C:\Users\123\AppData\Roaming\hpqlog
2011-08-04 03:53:03 -------- d-----w- C:\Users\123\AppData\Roaming\HP TCS
2011-08-04 03:52:54 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-08-04 03:52:54 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-08-04 03:52:52 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-08-04 03:52:52 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-08-04 03:43:21 -------- d-----w- C:\ProgramData\Recovery
2011-08-04 03:40:20 -------- d-----w- C:\Windows\ehome
2011-08-04 03:23:34 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc3468.tmp
2011-08-04 03:20:39 -------- d-----w- C:\ProgramData\Corel
2011-08-04 03:20:39 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2011-08-04 03:20:39 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2011-08-04 03:17:39 368640 ----a-w- C:\Windows\System32\HP MediaSmart Demo.scr
2011-08-04 03:17:21 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-04 03:17:21 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-04 03:17:21 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-04 03:17:21 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-04 03:17:21 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-04 03:17:21 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-04 03:17:21 131072 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-04 03:15:30 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2011-08-04 03:13:24 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2011-08-04 03:13:20 -------- d-----w- C:\Program Files (x86)\Corel
2011-08-04 03:11:13 -------- d-----w- C:\Program Files (x86)\Sling Media
2011-08-04 02:55:07 -------- d-----w- C:\Windows\Hewlett-Packard
2011-08-04 02:54:31 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2011-08-04 02:54:31 436224 ----a-w- C:\Windows\System32\AESTEC64.dll
2011-08-04 02:54:30 160768 ----a-w- C:\Windows\System32\AESTAC64.dll
2011-08-04 02:54:29 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2011-08-04 02:54:29 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2011-08-04 02:54:29 450048 ----a-w- C:\Windows\sttray64.exe
2011-08-04 02:54:29 3593216 ----a-w- C:\Windows\System32\stlang64.dll
2011-08-04 02:54:29 12158464 ----a-w- C:\Windows\System32\idtcpl64.cpl
2011-08-04 02:54:27 -------- d-----w- C:\Windows\System32\SRSLabs
2011-08-04 02:53:54 209920 ----a-w- C:\Windows\System32\staco64.dll
2011-08-04 02:53:53 604672 ------w- C:\Windows\System32\stapi64.dll
2011-08-04 02:53:53 487936 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2011-08-04 02:53:53 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2011-08-04 02:53:53 1431552 ----a-w- C:\Windows\System32\stapo64.dll
2011-08-04 02:53:43 -------- d-----w- C:\Program Files\IDT
2011-08-04 02:53:15 -------- d-----w- C:\Program Files (x86)\Atheros
2011-08-04 02:53:10 -------- d-----w- C:\ProgramData\Atheros
2011-08-04 02:52:43 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-08-04 02:52:43 215040 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-08-04 02:52:34 36408 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-08-04 02:52:33 -------- d-----w- C:\Program Files (x86)\AMD
2011-08-04 02:52:22 7347200 ----a-w- C:\Windows\System32\RTSUSTORicon.dll
2011-08-04 02:52:12 -------- d-----w- C:\Program Files (x86)\Realtek
2011-08-04 02:51:54 61440 ------w- C:\Windows\SysWow64\agrsmdel.exe
2011-08-04 02:51:54 14848 ------w- C:\Windows\SysWow64\agrsco64.dll
2011-08-04 02:51:54 13824 ------w- C:\Windows\SysWow64\agrscoin.dll
2011-08-04 02:51:49 -------- d-----w- C:\Program Files\LSI SoftModem
2011-08-04 02:51:44 -------- d-----w- C:\Windows\Options
2011-08-04 02:51:32 -------- d-----w- C:\Program Files\Synaptics
2011-08-04 02:49:27 -------- d-----w- C:\Program Files\ATI
2011-08-04 02:49:25 -------- d-----w- C:\Program Files (x86)\ATI Technologies
.
==================== Find3M ====================
.
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:14:51.45 ===============
.
 
attach for dds

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2011 8:50:05 PM
System Uptime: 8/4/2011 4:44:26 PM (1 hours ago)
.
Motherboard: Quanta | | 3638
Processor: AMD Turion(tm) II Ultra Dual-Core Mobile M600 | Socket S1G3 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 417.615 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.519 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
AMD USB Filter Driver
Atheros Driver Installation Program
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
CyberLink DVD Suite
HiJackThis
Homepage Protection
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0153
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java(TM) 6 Update 14
Junk Mail filter update
Kaspersky Internet Security 2011
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Live Search Toolbar
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
PhotoNow!
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Skype™ 5.5
SlingBoxWatchYourTVAnyWhere
VideoStudio
Visual Studio 2008 x64 Redistributables
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
8/4/2011 6:10:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
8/4/2011 5:58:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).
8/4/2011 5:52:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
8/4/2011 5:05:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
8/4/2011 4:56:06 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.
8/4/2011 4:54:56 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
8/4/2011 4:54:18 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
8/4/2011 4:53:12 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/4/2011 4:24:13 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/4/2011 4:18:22 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
8/4/2011 4:14:23 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/4/2011 4:13:27 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
8/4/2011 4:13:26 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature version: 1.109.1056.0;1.109.1056.0 Engine version: 1.1.7104.0
8/4/2011 4:00:04 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/4/2011 2:26:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {8F5DF053-3013-4DD8-B5F4-88214E81C0CF}
8/4/2011 2:26:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/4/2011 2:26:18 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2011 12:36:31 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/4/2011 12:35:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:34:09 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:32:45 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/4/2011 12:17:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
8/4/2011 12:16:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.
8/4/2011 12:16:20 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/4/2011 12:16:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Anti-Virus Service service, but this action failed with the following error: An instance of the service is already running.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/4/2011 12:16:06 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/4/2011 12:15:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
8/4/2011 12:15:41 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2011 12:15:01 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:15:01 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:15:01 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/4/2011 12:15:01 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:15:01 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:15:01 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:12:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/4/2011 12:12:01 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2011 12:07:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
8/4/2011 12:04:44 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:04:44 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:04:44 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/4/2011 12:04:44 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/4/2011 12:04:44 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:04:44 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:04:44 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 12:00:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: An instance of the service is already running.
8/4/2011 11:57:50 AM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 11:57:50 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 11:57:50 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/4/2011 11:10:32 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
8/4/2011 10:43:50 AM, Error: Service Control Manager [7023] -
8/4/2011 10:43:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/4/2011 10:40:50 AM, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
8/4/2011 10:40:47 AM, Error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
8/4/2011 1:48:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
8/4/2011 1:48:15 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2011 1:41:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
8/4/2011 1:40:38 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/4/2011 1:39:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
8/3/2011 9:53:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
8/3/2011 9:53:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/3/2011 9:53:03 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2011 9:23:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
8/3/2011 9:18:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.
8/3/2011 9:18:34 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2011 9:18:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
8/3/2011 9:18:03 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2011 9:16:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v2.0.50727_X86 service to connect.
8/3/2011 9:05:56 PM, Error: Service Control Manager [7030] - The Panda Cloud Antivirus Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

You're running two AV programs, Kaspersky Internet Security and Microsoft Security Essentials.
One of them has to go.
Your choice.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-04 19:27:39
-----------------------------
19:27:39.861 OS Version: Windows x64 6.1.7600
19:27:39.861 Number of processors: 2 586 0x602
19:27:39.861 ComputerName: 123-PC UserName: 123
19:27:42.326 Initialize success
19:27:52.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:27:52.954 Disk 0 Vendor: ST9500420AS 0003HPM1 Size: 476940MB BusType: 11
19:27:54.982 Disk 0 MBR read successfully
19:27:54.982 Disk 0 MBR scan
19:27:54.982 Disk 0 unknown MBR code
19:27:54.998 Service scanning
19:27:56.152 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:27:56.839 Modules scanning
19:27:56.839 Disk 0 trace - called modules:
19:27:56.854 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:27:56.854 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800436d790]
19:27:56.870 3 CLASSPNP.SYS[fffff8800109543f] -> nt!IofCallDriver -> [0xfffffa800436ab10]
19:27:56.870 5 hpdskflt.sys[fffff880029ca289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042e0060]
19:27:56.885 Scan finished successfully
19:29:27.069 Disk 0 MBR has been saved successfully to "C:\Users\123\Desktop\MBR.dat"
19:29:27.131 The log file has been saved successfully to "C:\Users\123\Desktop\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-04 19:57:02
-----------------------------
19:57:02.166 OS Version: Windows x64 6.1.7600
19:57:02.166 Number of processors: 2 586 0x602
19:57:02.166 ComputerName: 123-PC UserName: 123
19:57:04.787 Initialize success
19:57:11.634 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:57:11.650 Disk 0 Vendor: ST9500420AS 0003HPM1 Size: 476940MB BusType: 11
19:57:13.678 Disk 0 MBR read successfully
19:57:13.678 Disk 0 MBR scan
19:57:13.678 Disk 0 unknown MBR code
19:57:13.693 Service scanning
19:57:14.848 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:57:15.456 Modules scanning
19:57:15.456 Disk 0 trace - called modules:
19:57:15.472 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:57:15.487 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004374060]
19:57:15.487 3 CLASSPNP.SYS[fffff880010a843f] -> nt!IofCallDriver -> [0xfffffa8004373040]
19:57:15.503 5 hpdskflt.sys[fffff88002180289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042ff060]
19:57:15.503 Scan finished successfully
19:57:28.545 Disk 0 MBR has been saved successfully to "C:\Users\123\Desktop\MBR.dat"
19:57:28.576 The log file has been saved successfully to "C:\Users\123\Desktop\aswMBR.txt"

ComboFix 11-08-04.02 - 123 08/04/2011 19:39:23.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2705 [GMT -7:00]
Running from: c:\users\123\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 02:44 . 2011-08-05 02:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 00:21 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D846E9E-891A-47D4-B455-D7A3D875D492}\mpengine.dll
2011-08-04 23:26 . 2011-08-04 23:26 -------- d-----r- c:\program files (x86)\Skype
2011-08-04 23:26 . 2011-08-04 23:26 -------- d-----w- c:\programdata\Skype
2011-08-04 13:17 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-08-04 13:17 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-08-04 13:04 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-04 13:04 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-08-04 12:49 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-08-04 12:49 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-08-04 12:49 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-04 12:49 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-08-04 12:49 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-08-04 12:49 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-08-04 12:49 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-04 12:49 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-08-04 12:49 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-04 12:49 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-08-04 12:40 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-08-04 12:40 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-08-04 12:37 . 2011-06-02 06:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-04 12:36 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-08-04 12:35 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2011-08-04 12:35 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2011-08-04 12:35 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-08-04 12:35 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-04 12:35 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-08-04 12:35 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-04 12:35 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-04 12:35 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2011-08-04 12:35 . 2010-03-05 07:42 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2011-08-04 12:35 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-08-04 12:33 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll
2011-08-04 12:32 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-08-04 12:32 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-08-04 12:32 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-08-04 12:32 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-08-04 12:32 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-08-04 12:19 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-08-04 12:19 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-08-04 12:19 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-08-04 12:19 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-08-04 12:19 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-08-04 12:19 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-08-04 12:19 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-08-04 12:19 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-08-04 12:19 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-08-04 12:19 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-08-04 12:15 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-08-04 12:15 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-08-04 12:14 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-08-04 12:14 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-08-04 12:05 . 2011-08-04 12:05 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F831F01-0853-43EA-8DB0-AF3663CD3FA1}\gapaengine.dll
2011-08-04 12:03 . 2011-08-04 12:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-04 12:03 . 2011-08-04 12:03 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-04 12:03 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-08-04 10:12 . 2011-07-20 16:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C0A4382-19D9-4E6B-997C-9F1AE4327651}\mpengine.dll
2011-08-04 10:12 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-04 09:04 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-04 09:04 . 2011-08-04 09:04 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 09:04 . 2011-08-04 09:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-04 09:04 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 09:03 . 2011-08-04 09:03 -------- d-----w- c:\programdata\!SASCORE
2011-08-04 09:03 . 2011-08-04 09:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-04 09:03 . 2011-08-04 09:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-04 08:59 . 2011-08-04 08:59 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-04 05:24 . 2011-08-04 05:24 -------- d--h--w- c:\programdata\Common Files
2011-08-04 05:24 . 2011-08-04 11:06 -------- d-----w- c:\programdata\AVG10
2011-08-04 05:24 . 2011-08-04 09:55 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-04 05:23 . 2011-08-04 05:23 -------- d-----w- c:\program files (x86)\AVG
2011-08-04 05:14 . 2011-08-04 09:57 -------- d-----w- c:\programdata\MFAData
2011-08-04 04:05 . 2011-08-04 11:06 -------- d-----w- c:\program files (x86)\Panda Security
2011-08-04 04:05 . 2011-08-04 04:05 -------- d-----w- c:\programdata\Panda Security
2011-08-04 04:05 . 2011-08-04 04:05 -------- d-----w- C:\temp
2011-08-04 03:52 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-08-04 03:52 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-08-04 03:52 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-08-04 03:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-08-04 03:50 . 2011-08-04 23:13 -------- d-----w- c:\users\123
2011-08-04 03:43 . 2011-08-04 03:43 -------- d-----w- c:\programdata\Recovery
2011-08-04 03:41 . 2011-08-04 03:41 -------- d-----w- c:\programdata\ATI
2011-08-04 03:40 . 2011-08-04 17:39 -------- d-----w- c:\windows\ehome
2011-08-04 03:40 . 2011-08-04 03:40 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2011-08-04 03:40 . 2011-08-04 03:40 -------- d-----r- c:\users\Public\Recorded TV
2011-08-04 03:23 . 2011-08-04 03:23 140066664 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlc3468.tmp
2011-08-04 03:20 . 2011-08-04 03:22 -------- d-----w- c:\programdata\Corel
2011-08-04 03:20 . 2011-08-04 03:20 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-08-04 03:20 . 2011-08-04 03:20 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2011-08-04 03:17 . 2009-06-30 17:06 368640 ----a-w- c:\windows\system32\HP MediaSmart Demo.scr
2011-08-04 03:17 . 2011-08-04 03:17 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-04 03:17 . 2011-08-04 03:17 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-04 03:17 . 2011-08-04 03:17 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-04 03:17 . 2011-08-04 03:17 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-04 03:17 . 2011-08-04 03:17 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-04 03:17 . 2011-08-04 03:17 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-04 03:17 . 2011-08-04 03:17 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-04 03:17 . 2011-08-04 03:17 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-04 03:17 . 2011-08-04 03:17 -------- d-----w- c:\programdata\Apple Computer
2011-08-04 03:15 . 2011-08-04 03:15 -------- d-----w- c:\program files (x86)\Windows Media Components
2011-08-04 03:13 . 2011-08-04 03:15 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2011-08-04 03:13 . 2011-08-04 03:13 -------- d-----w- c:\programdata\Ulead Systems
2011-08-04 03:13 . 2011-08-04 03:20 -------- d-----w- c:\program files (x86)\Corel
2011-08-04 03:11 . 2011-08-04 03:11 -------- d-----w- c:\program files (x86)\Sling Media
2011-08-04 02:58 . 2011-08-04 02:58 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-08-04 02:55 . 2011-08-04 02:55 -------- d-----w- c:\windows\Hewlett-Packard
2011-08-04 02:54 . 2009-05-21 21:57 436224 ----a-w- c:\windows\system32\AESTEC64.dll
2011-08-04 02:54 . 2009-03-02 20:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2011-08-04 02:53 . 2011-08-04 02:53 -------- d-----w- c:\program files (x86)\Atheros
2011-08-04 02:53 . 2011-08-04 02:53 -------- d-----w- c:\programdata\Atheros
2011-08-04 02:52 . 2009-05-23 06:52 215040 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-08-04 02:52 . 2009-03-05 22:54 67584 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-08-04 02:52 . 2011-08-04 02:52 -------- dc----w- c:\windows\system32\DRVSTORE
2011-08-04 02:52 . 2009-03-09 13:49 36408 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2011-08-04 02:52 . 2011-08-04 02:52 -------- d-----w- c:\program files (x86)\AMD
2011-08-04 02:52 . 2009-02-03 02:27 7347200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2011-08-04 02:52 . 2011-08-04 02:52 -------- d-----w- c:\program files (x86)\Realtek
2011-08-04 02:52 . 2011-08-04 02:52 -------- d-----w- c:\program files\DIFX
2011-08-04 02:51 . 2009-03-28 02:12 13824 ------w- c:\windows\SysWow64\agrscoin.dll
2011-08-04 02:51 . 2009-03-28 02:12 14848 ------w- c:\windows\SysWow64\agrsco64.dll
2011-08-04 02:51 . 2009-03-28 02:03 61440 ------w- c:\windows\SysWow64\agrsmdel.exe
2011-08-04 02:51 . 2011-08-04 02:51 -------- d-----w- c:\program files\LSI SoftModem
2011-08-04 02:51 . 2011-08-04 02:51 -------- d-----w- c:\windows\Options
2011-08-04 02:51 . 2011-08-04 02:51 -------- d-----w- c:\program files\Synaptics
2011-08-04 02:49 . 2011-08-04 02:49 -------- d-----w- c:\program files\ATI
2011-08-04 02:49 . 2011-08-04 02:50 -------- d-----w- c:\program files (x86)\ATI Technologies
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 05:56 . 2011-08-04 12:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-29 5464448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-06-22 16712]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-08-15 148888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/08/03 20:00];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 03:45 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_Dlls"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 168.192.1.1 168.95.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-08-04 19:50:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-05 02:50
ComboFix2.txt 2011-08-04 11:57
.
Pre-Run: 448,912,281,600 bytes free
Post-Run: 448,919,269,376 bytes free
.
- - End Of File - - 845F67278B36265277270C0EB2907741
 
Well, while I was waiting for your reply I used Bing on Internet Explorer and tried to access the site and it worked, so then I went to Google and it worked again. Do you still want me to try Firefox?
 
I'm not sure if I understand.
Why do you go to usaa.com through Google instead of going there directly?
 
Well, instead of typing httpsxx I just type usaa in the browser and then the link pops up and then I click on it. Before my computer crashed last week, usaa.com was my homepage, so every time I clicked on the e for Internet Explorer it would take me directly to usaa.
 